Hello community,
here is the log from the commit of package yast2-users for openSUSE:Factory
checked in at 2016-04-16 22:07:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-users (Old)
and /work/SRC/openSUSE:Factory/.yast2-users.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-users"
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-users/yast2-users.changes 2016-03-20
11:48:12.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.yast2-users.new/yast2-users.changes
2016-04-16 22:07:33.000000000 +0200
@@ -1,0 +2,9 @@
+Thu Apr 7 08:49:13 UTC 2016 - igonzalezs...@suse.com
+
+- Does not set empty passwords fields in /etc/shadow during
+ installation (CVE-2016-1601, bnc#973639, bnc#974220)
+- Set root password correctly when using a minimal profile
+ (bnc#971804)
+- 3.1.47
+
+-------------------------------------------------------------------
Old:
----
yast2-users-3.1.46.tar.bz2
New:
----
yast2-users-3.1.47.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-users.spec ++++++
--- /var/tmp/diff_new_pack.OUASOL/_old 2016-04-16 22:07:34.000000000 +0200
+++ /var/tmp/diff_new_pack.OUASOL/_new 2016-04-16 22:07:34.000000000 +0200
@@ -17,7 +17,7 @@
Name: yast2-users
-Version: 3.1.46
+Version: 3.1.47
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -37,7 +37,7 @@
BuildRequires: yast2-perl-bindings
BuildRequires: yast2-security
BuildRequires: yast2-testsuite
-BuildRequires: rubygem(rspec)
+BuildRequires: rubygem(%rb_default_ruby_abi:rspec)
Requires: cracklib
Requires: perl-Digest-SHA1
@@ -105,6 +105,10 @@
%dir %{yast_yncludedir}/users
%dir %{yast_moduledir}/YaPI
%{yast_clientdir}/*.rb
+%dir %{yast_libdir}/users
+%dir %{yast_libdir}/users/clients
+%{yast_libdir}/users/*
+%{yast_libdir}/users/clients/*
%{yast_desktopdir}/*.desktop
%{yast_moduledir}/*.pm
%{yast_moduledir}/UsersUI.rb
++++++ yast2-users-3.1.46.tar.bz2 -> yast2-users-3.1.47.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-users-3.1.46/.travis.yml
new/yast2-users-3.1.47/.travis.yml
--- old/yast2-users-3.1.46/.travis.yml 2016-03-15 15:26:26.000000000 +0100
+++ new/yast2-users-3.1.47/.travis.yml 2016-04-12 14:01:29.000000000 +0200
@@ -5,7 +5,7 @@
# disable rvm, use system Ruby
- rvm reset
- wget
https://raw.githubusercontent.com/yast/yast-devtools/master/travis-tools/travis_setup.sh
- - sh ./travis_setup.sh -p "rake yast2-devtools yast2-testsuite yast2
yast2-perl-bindings yast2-core-dev yast2-ldap yast2-perl-bindings
yast2-security libcrack2-dev doxygen libdigest-sha1-perl" -g "yast-rake gettext"
+ - sh ./travis_setup.sh -p "rake yast2-devtools yast2-testsuite yast2
yast2-perl-bindings yast2-core-dev yast2-ldap yast2-perl-bindings
yast2-security libcrack2-dev doxygen libdigest-sha1-perl" -g "rspec:3.3.0
yast-rake gettext"
script:
- rake check:syntax
- rake check:pot
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-users-3.1.46/package/yast2-users.changes
new/yast2-users-3.1.47/package/yast2-users.changes
--- old/yast2-users-3.1.46/package/yast2-users.changes 2016-03-15
15:26:26.000000000 +0100
+++ new/yast2-users-3.1.47/package/yast2-users.changes 2016-04-12
14:01:29.000000000 +0200
@@ -1,4 +1,13 @@
-------------------------------------------------------------------
+Thu Apr 7 08:49:13 UTC 2016 - igonzalezs...@suse.com
+
+- Does not set empty passwords fields in /etc/shadow during
+ installation (CVE-2016-1601, bnc#973639, bnc#974220)
+- Set root password correctly when using a minimal profile
+ (bnc#971804)
+- 3.1.47
+
+-------------------------------------------------------------------
Sat Mar 5 11:04:17 UTC 2016 - igonzalezs...@suse.com
- Do not include inst-sys users when cloning the configuration
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-users-3.1.46/package/yast2-users.spec
new/yast2-users-3.1.47/package/yast2-users.spec
--- old/yast2-users-3.1.46/package/yast2-users.spec 2016-03-15
15:26:26.000000000 +0100
+++ new/yast2-users-3.1.47/package/yast2-users.spec 2016-04-12
14:01:29.000000000 +0200
@@ -17,7 +17,7 @@
Name: yast2-users
-Version: 3.1.46
+Version: 3.1.47
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -37,7 +37,7 @@
BuildRequires: yast2-perl-bindings
BuildRequires: yast2-security
BuildRequires: yast2-testsuite
-BuildRequires: rubygem(rspec)
+BuildRequires: rubygem(%rb_default_ruby_abi:rspec)
Requires: cracklib
Requires: perl-Digest-SHA1
@@ -105,6 +105,10 @@
%dir %{yast_yncludedir}/users
%dir %{yast_moduledir}/YaPI
%{yast_clientdir}/*.rb
+%dir %{yast_libdir}/users
+%dir %{yast_libdir}/users/clients
+%{yast_libdir}/users/*
+%{yast_libdir}/users/clients/*
%{yast_desktopdir}/*.desktop
%{yast_moduledir}/*.pm
%{yast_moduledir}/UsersUI.rb
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-users-3.1.46/src/Makefile.am
new/yast2-users-3.1.47/src/Makefile.am
--- old/yast2-users-3.1.46/src/Makefile.am 2016-03-15 15:26:26.000000000
+0100
+++ new/yast2-users-3.1.47/src/Makefile.am 2016-04-12 14:01:29.000000000
+0200
@@ -35,6 +35,10 @@
clients/inst_user_first.rb \
clients/users_encryption_method.rb
+ylibclientdir = @ylibdir@/users/clients
+ylibclient_DATA = \
+ lib/users/clients/users_finish.rb
+
yncludedir = @yncludedir@/users
ynclude_DATA = \
include/users/widgets.rb \
@@ -77,6 +81,6 @@
desktop_DATA = \
desktop/users.desktop
-EXTRA_DIST = $(module_DATA) $(module1_DATA) $(client_DATA) $(ynclude_DATA)
$(ylibdialog_DATA) $(ylib_DATA) $(scrconf_DATA) $(agent_SCRIPTS)
$(schemafiles_DATA) $(desktop_DATA)
+EXTRA_DIST = $(module_DATA) $(module1_DATA) $(client_DATA) $(ynclude_DATA)
$(ylibdialog_DATA) $(ylib_DATA) $(scrconf_DATA) $(agent_SCRIPTS)
$(schemafiles_DATA) $(desktop_DATA) $(ylibclient_DATA)
include $(top_srcdir)/Makefile.am.common
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-users-3.1.46/src/clients/users_finish.rb
new/yast2-users-3.1.47/src/clients/users_finish.rb
--- old/yast2-users-3.1.46/src/clients/users_finish.rb 2016-03-15
15:26:26.000000000 +0100
+++ new/yast2-users-3.1.47/src/clients/users_finish.rb 2016-04-12
14:01:29.000000000 +0200
@@ -27,75 +27,5 @@
#
# $Id$
-module Yast
- class UsersFinishClient < Client
- def main
- textdomain "users"
-
- Yast.import "Autologin"
- Yast.import "Users"
- Yast.import "UsersSimple"
-
- # create_users()
- Yast.include self, "users/routines.rb"
-
- @func = ""
- @param = {}
-
- # Check arguments
- if Ops.greater_than(Builtins.size(WFM.Args), 0) &&
- Ops.is_string?(WFM.Args(0))
- @func = Convert.to_string(WFM.Args(0))
- if Ops.greater_than(Builtins.size(WFM.Args), 1) &&
- Ops.is_map?(WFM.Args(1))
- @param = Convert.to_map(WFM.Args(1))
- end
- end
-
- Builtins.y2milestone("starting users_finish")
- Builtins.y2debug("func=%1", @func)
- Builtins.y2debug("param=%1", @param)
-
- if @func == "Info"
- return {
- "steps" => 1,
- # progress step title
- "title" => _("Writing Users Configuration..."),
- "when" => [:installation, :live_installation, :autoinst]
- }
- elsif @func == "Write"
- # Creating all users and their environment
-
- if Mode.autoinst
- # Write imported users (during autoupgrade no changes are done)
-
- # During installation, some package could add a new user, so we
- # need to read them again before writing.
- Users.SetExportAll(true)
- saved = Users.Export
- Users.ReadLocal
- Users.Import(saved)
-
- # Write users
- Users.SetWriteOnly(true)
- @progress_orig = Progress.set(false)
- @ret = Users.Write == ""
- Progress.set(@progress_orig)
- else
- # write the root password
- UsersSimple.Write
-
- other_users = setup_all_users
- Users.Write if other_users
- end
- else
- Builtins.y2error("unknown function: %1", @func)
- end
-
- Builtins.y2milestone("users_finish finished")
- nil
- end
- end
-end
-
-Yast::UsersFinishClient.new.main
+require "users/clients/users_finish"
+Yast::UsersFinishClient.new.run
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-users-3.1.46/src/include/users/routines.rb
new/yast2-users-3.1.47/src/include/users/routines.rb
--- old/yast2-users-3.1.46/src/include/users/routines.rb 2016-03-15
15:26:26.000000000 +0100
+++ new/yast2-users-3.1.47/src/include/users/routines.rb 2016-04-12
14:01:29.000000000 +0200
@@ -30,6 +30,7 @@
module UsersRoutinesInclude
def initialize_users_routines(include_target)
Yast.import "Mode"
+ Yast.import "Autologin"
textdomain "users"
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-users-3.1.46/src/lib/users/clients/users_finish.rb
new/yast2-users-3.1.47/src/lib/users/clients/users_finish.rb
--- old/yast2-users-3.1.46/src/lib/users/clients/users_finish.rb
1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-users-3.1.47/src/lib/users/clients/users_finish.rb
2016-04-12 14:01:29.000000000 +0200
@@ -0,0 +1,94 @@
+# encoding: utf-8
+
+#
------------------------------------------------------------------------------
+# Copyright (c) 2016 SUSE LLC
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of version 2 of the GNU General Public License as published by the
+# Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
details.
+#
+#
------------------------------------------------------------------------------
+
+require "installation/finish_client"
+
+module Yast
+ class UsersFinishClient < ::Installation::FinishClient
+ include Logger
+
+ def initialize
+ textdomain "users"
+
+ Yast.import "Users"
+ Yast.import "UsersSimple"
+ # setup_all_users()
+ Yast.include self, "users/routines.rb"
+ end
+
+ # Write users
+ #
+ # It relies in different methods depending if it's running
+ # during autoinst or in a regular installation.
+ #
+ # @see write_autoinst
+ # @see write_install
+ def write
+ if Mode.autoinst
+ write_autoinst
+ else
+ write_install
+ end
+ end
+
+ protected
+
+ # @see Implements ::Installation::FinishClient#modes
+ def modes
+ [:installation, :live_installation, :autoinst]
+ end
+
+ # @see Implements ::Installation::FinishClient#title
+ def title
+ _("Writing Users Configuration...")
+ end
+
+ # Write imported users during autoinstallation
+ #
+ # During installation, some package could add a new user, so we
+ # need to read them again before writing.
+ #
+ # On the other hand, during autoupgrade no changes are performed.
+ def write_autoinst
+ # 1. Export users imported in inst_autosetup (and store them)
+ Users.SetExportAll(false)
+ saved = Users.Export
+ log.info("Users to import: #{saved}")
+
+ # 2. Read users and settings from the installed system
+ # (bsc#965852, bsc#973639, bsc#974220 and bsc#971804)
+ Users.Read
+
+ # 3. Merge users from the system with new users from
+ # AutoYaST profile (from step 1)
+ Users.Import(saved)
+
+ # 4. Write users
+ Users.SetWriteOnly(true)
+ @progress_orig = Progress.set(false)
+ error = Users.Write
+ log.error(error) unless error.empty?
+ Progress.set(@progress_orig)
+ end
+
+ # Write root password a new users during regular installation
+ def write_install
+ # write the root password
+ UsersSimple.Write
+ # write new users (if any)
+ Users.Write if setup_all_users
+ end
+ end
+end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-users-3.1.46/src/modules/Users.pm
new/yast2-users-3.1.47/src/modules/Users.pm
--- old/yast2-users-3.1.46/src/modules/Users.pm 2016-03-15 15:26:26.000000000
+0100
+++ new/yast2-users-3.1.47/src/modules/Users.pm 2016-04-12 14:01:29.000000000
+0200
@@ -6132,8 +6132,7 @@
# remove cache entries (#50265)
UsersCache->ResetCache ();
- # Avoid to read local users during 1st stage (bnc#965852)
- my $error_msg = (Mode->test() || Stage->initial()) ? "" : $self->ReadLocal
();
+ my $error_msg = Mode->test() ? "" : $self->ReadLocal ();
if ($error_msg) {
return 0;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-users-3.1.46/test/Makefile.am
new/yast2-users-3.1.47/test/Makefile.am
--- old/yast2-users-3.1.46/test/Makefile.am 1970-01-01 01:00:00.000000000
+0100
+++ new/yast2-users-3.1.47/test/Makefile.am 2016-04-12 14:01:29.000000000
+0200
@@ -0,0 +1,8 @@
+# Tests for users
+TESTS = \
+ users_finish_test.rb
+
+TEST_EXTENSIONS = .rb
+RB_LOG_COMPILER = rspec
+VERBOSE = 1
+EXTRA_DIST = $(TESTS)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-users-3.1.46/test/fixtures/root/etc/default/useradd
new/yast2-users-3.1.47/test/fixtures/root/etc/default/useradd
--- old/yast2-users-3.1.46/test/fixtures/root/etc/default/useradd
1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-users-3.1.47/test/fixtures/root/etc/default/useradd
2016-04-12 14:01:29.000000000 +0200
@@ -0,0 +1,8 @@
+# useradd defaults file
+GROUP=100
+HOME=/home
+INACTIVE=-1
+EXPIRE=
+SHELL=/bin/bash
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=yes
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-users-3.1.46/test/fixtures/root/etc/group
new/yast2-users-3.1.47/test/fixtures/root/etc/group
--- old/yast2-users-3.1.46/test/fixtures/root/etc/group 1970-01-01
01:00:00.000000000 +0100
+++ new/yast2-users-3.1.47/test/fixtures/root/etc/group 2016-04-12
14:01:29.000000000 +0200
@@ -0,0 +1,37 @@
+root:x:0:
+bin:x:1:daemon
+daemon:x:2:
+sys:x:3:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+www:x:8:
+kmem:x:9:
+wheel:x:10:
+mail:x:12:
+news:x:13:
+uucp:x:14:
+shadow:x:15:
+dialout:x:16:
+audio:x:17:
+floppy:x:19:
+cdrom:x:20:
+console:x:21:
+utmp:x:22:
+public:x:32:
+video:x:33:
+games:x:40:
+xok:x:41:
+trusted:x:42:
+modem:x:43:
+ftp:x:49:
+lock:x:54:
+man:x:62:
+users:x:100:
+nobody:x:65533:
+nogroup:x:65534:nobody
+messagebus:x:499:
+sshd:x:498:
+tape:x:497:
+polkitd:x:496:
+nscd:x:495:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-users-3.1.46/test/fixtures/root/etc/login.defs
new/yast2-users-3.1.47/test/fixtures/root/etc/login.defs
--- old/yast2-users-3.1.46/test/fixtures/root/etc/login.defs 1970-01-01
01:00:00.000000000 +0100
+++ new/yast2-users-3.1.47/test/fixtures/root/etc/login.defs 2016-04-12
14:01:29.000000000 +0200
@@ -0,0 +1,287 @@
+#
+# /etc/login.defs - Configuration control definitions for the shadow package.
+#
+
+#
+# Delay in seconds before being allowed another attempt after a login failure
+# Note: When PAM is used, some modules may enfore a minimal delay (e.g.
+# pam_unix enforces a 2s delay)
+#
+FAIL_DELAY 3
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+LOG_UNKFAIL_ENAB no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB yes
+SYSLOG_SG_ENAB yes
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names. Root logins will be allowed only
+# upon these devices.
+#
+CONSOLE /etc/securetty
+#CONSOLE console:tty01:tty02:tty03:tty04
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE /var/log/sulog
+
+#
+# If defined, ":" delimited list of "message of the day" files to
+# be displayed upon login.
+#
+MOTD_FILE /etc/motd
+#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100 tty01".
+#
+#TTYTYPE_FILE /etc/ttytype
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence. If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file. If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+#HUSHLOGIN_FILE .hushlogin
+HUSHLOGIN_FILE /etc/hushlogins
+
+#
+# *REQUIRED* The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin
+
+#
+# The default PATH settings for root (used by login):
+#
+ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin
+
+#
+# Terminal permissions
+#
+# TTYGROUP Login tty will be assigned this group ownership.
+# TTYPERM Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+TTYGROUP tty
+TTYPERM 0620
+
+#
+# Login configuration initializations:
+#
+# ERASECHAR Terminal ERASE character ('\010' = backspace).
+# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR 0177
+KILLCHAR 025
+
+# Default initial "umask" value used by login on non-PAM enabled systems.
+# Default "umask" value for pam_umask on PAM enabled systems.
+# UMASK is also used by useradd and newusers to set the mode of new home
+# directories.
+# 022 is the default value, but 027, or even 077, could be considered
+# better for privacy. There is no One True Answer here: each sysadmin
+# must make up her mind.
+UMASK 022
+
+#
+# Password aging controls:
+#
+# PASS_MAX_DAYS Maximum number of days a password may be used.
+# PASS_MIN_DAYS Minimum number of days allowed between password changes.
+# PASS_WARN_AGE Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS 365
+PASS_MIN_DAYS 0
+PASS_WARN_AGE 7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+# SYS_UID_MIN to SYS_UID_MAX inclusive is the range for
+# UIDs for dynamically allocated administrative and system accounts.
+# UID_MIN to UID_MAX inclusive is the range of UIDs of dynamically
+# allocated user accounts.
+#
+UID_MIN 1000
+UID_MAX 60000
+# System accounts
+SYS_UID_MIN 100
+SYS_UID_MAX 499
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+# SYS_GID_MIN to SYS_GID_MAX inclusive is the range for
+# GIDs for dynamically allocated administrative and system groups.
+# GID_MIN to GID_MAX inclusive is the range of GIDs of dynamically
+# allocated groups.
+#
+GID_MIN 1000
+GID_MAX 60000
+# System accounts
+SYS_GID_MIN 100
+SYS_GID_MAX 499
+
+#
+# Max number of login retries if password is bad
+#
+LOGIN_RETRIES 3
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT 60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone). If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+#
+CHFN_RESTRICT rwh
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password
(default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: If you use PAM, it is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+ENCRYPT_METHOD_NIS DES
+
+#
+# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting). Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+#CONSOLE_GROUPS floppy:audio:cdrom
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default in no.
+#
+DEFAULT_HOME yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+# See USERDEL_PRECMD/POSTCMD below.
+#
+#USERDEL_CMD /usr/sbin/userdel_local
+
+#
+# Enable setting of the umask group bits to be the same as owner bits
+# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+# the same as gid, and username is the same as the primary group name.
+#
+# This also enables userdel to remove user groups if no members exist.
+#
+USERGROUPS_ENAB no
+
+#
+# If set to a non-nul number, the shadow utilities will make sure that
+# groups never have more than this number of users on one line.
+# This permit to support split groups (groups split into multiple lines,
+# with the same group ID, to avoid limitation of the line length in the
+# group file).
+#
+# 0 is the default value and disables this feature.
+#
+#MAX_MEMBERS_PER_GROUP 0
+
+#
+# If useradd should create home directories for users by default (non
+# system users only)
+# This option is overridden with the -M or -m flags on the useradd command
+# line.
+#
+CREATE_HOME no
+
+#
+# User/group names must match the following regex expression.
+# The default is [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?,
+# but be aware that the result could depend on the locale settings.
+#
+#CHARACTER_CLASS [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?
+CHARACTER_CLASS
[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\?
+
+#
+# If defined, this command is run when adding a group.
+# It should rebuild any NIS database etc. to add the
+# new created group.
+#
+GROUPADD_CMD /usr/sbin/groupadd.local
+
+#
+# If defined, this command is run when adding a user.
+# It should rebuild any NIS database etc. to add the
+# new created account.
+#
+USERADD_CMD /usr/sbin/useradd.local
+
+#
+# If defined, this command is run before removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed.
+#
+USERDEL_PRECMD /usr/sbin/userdel-pre.local
+
+#
+# If defined, this command is run after removing a user.
+# It should rebuild any NIS database etc. to remove the
+# account from it.
+#
+USERDEL_POSTCMD /usr/sbin/userdel-post.local
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-users-3.1.46/test/fixtures/root/etc/passwd
new/yast2-users-3.1.47/test/fixtures/root/etc/passwd
--- old/yast2-users-3.1.46/test/fixtures/root/etc/passwd 1970-01-01
01:00:00.000000000 +0100
+++ new/yast2-users-3.1.47/test/fixtures/root/etc/passwd 2016-04-12
14:01:29.000000000 +0200
@@ -0,0 +1,18 @@
+root:x:0:0:root:/root:/bin/bash
+bin:x:1:1:bin:/bin:/bin/bash
+daemon:x:2:2:Daemon:/sbin:/bin/bash
+lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash
+mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false
+news:x:9:13:News system:/etc/news:/bin/bash
+uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
+games:x:12:100:Games account:/var/games:/bin/bash
+man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash
+wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false
+ftp:x:40:49:FTP account:/srv/ftp:/bin/bash
+nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
+messagebus:x:499:499:User for D-Bus:/var/run/dbus:/bin/false
+sshd:x:498:498:SSH daemon:/var/lib/sshd:/bin/false
+polkitd:x:497:496:User for polkitd:/var/lib/polkit:/sbin/nologin
+nscd:x:496:495:User for nscd:/run/nscd:/sbin/nologin
+rpc:x:495:65534:user for rpcbind:/var/lib/empty:/sbin/nologin
+openslp:x:494:2:openslp daemon:/var/lib/empty:/sbin/nologin
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-users-3.1.46/test/fixtures/root/etc/shadow
new/yast2-users-3.1.47/test/fixtures/root/etc/shadow
--- old/yast2-users-3.1.46/test/fixtures/root/etc/shadow 1970-01-01
01:00:00.000000000 +0100
+++ new/yast2-users-3.1.47/test/fixtures/root/etc/shadow 2016-04-12
14:01:29.000000000 +0200
@@ -0,0 +1,18 @@
+root:$6$pLaWhcXR$gn1LrOlTEV9B.SBn.iITpknL6eg/n63am7rzp2fMsB8ap5cUWl3ZcnT7o5mTcrG85bz/NhaC1D/izwkJeL5gI.:16899::::::
+bin:*:16765::::::
+daemon:*:16765::::::
+lp:*:16765::::::
+mail:*:16765::::::
+news:*:16765::::::
+uucp:*:16765::::::
+games:*:16765::::::
+man:*:16765::::::
+wwwrun:*:16765::::::
+ftp:*:16765::::::
+nobody:*:16765::::::
+messagebus:!:16765::::::
+sshd:!:16765::::::
+polkitd:!:16765::::::
+nscd:!:16765::::::
+rpc:!:16765::::::
+openslp:!:16765::::::
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-users-3.1.46/test/fixtures/root/etc/shells
new/yast2-users-3.1.47/test/fixtures/root/etc/shells
--- old/yast2-users-3.1.46/test/fixtures/root/etc/shells 1970-01-01
01:00:00.000000000 +0100
+++ new/yast2-users-3.1.47/test/fixtures/root/etc/shells 2016-04-12
14:01:29.000000000 +0200
@@ -0,0 +1,23 @@
+/bin/ash
+/bin/bash
+/bin/csh
+/bin/dash
+/bin/false
+/bin/ksh
+/bin/ksh93
+/bin/mksh
+/bin/pdksh
+/bin/sh
+/bin/tcsh
+/bin/true
+/bin/zsh
+/usr/bin/csh
+/usr/bin/dash
+/usr/bin/ksh
+/usr/bin/ksh93
+/usr/bin/mksh
+/usr/bin/passwd
+/usr/bin/pdksh
+/usr/bin/bash
+/usr/bin/tcsh
+/usr/bin/zsh
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-users-3.1.46/test/fixtures/users.yml
new/yast2-users-3.1.47/test/fixtures/users.yml
--- old/yast2-users-3.1.46/test/fixtures/users.yml 1970-01-01
01:00:00.000000000 +0100
+++ new/yast2-users-3.1.47/test/fixtures/users.yml 2016-04-12
14:01:29.000000000 +0200
@@ -0,0 +1,12 @@
+users:
+ - username: root
+ user_password: yast.password
+ fullname: Superuser
+ encrypted: true
+ - username: yast
+ user_password: suse
+ fullname: YaST team user
+ gid: 100
+ uid: 1000
+ shell: /usr/bin/zsh
+ encrypted: true
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-users-3.1.46/test/spec_helper.rb
new/yast2-users-3.1.47/test/spec_helper.rb
--- old/yast2-users-3.1.46/test/spec_helper.rb 1970-01-01 01:00:00.000000000
+0100
+++ new/yast2-users-3.1.47/test/spec_helper.rb 2016-04-12 14:01:29.000000000
+0200
@@ -0,0 +1,40 @@
+ENV["Y2DIR"] = File.expand_path("../../src", __FILE__)
+
+require "yast"
+require "pathname"
+require "yast/rspec"
+
+if ENV["COVERAGE"]
+ require "simplecov"
+
+ # use coveralls for on-line code coverage reporting at Travis CI
+ if ENV["TRAVIS"]
+ require "coveralls"
+
+ SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter[
+ SimpleCov::Formatter::HTMLFormatter,
+ Coveralls::SimpleCov::Formatter
+ ]
+ end
+
+ SimpleCov.start do
+ add_filter "/test/"
+ end
+end
+
+# configure RSpec
+RSpec.configure do |config|
+ config.mock_with :rspec do |c|
+ #
https://relishapp.com/rspec/rspec-mocks/v/3-0/docs/verifying-doubles/partial-doubles
+ c.verify_partial_doubles = true
+ end
+end
+
+libdir = File.expand_path("../../src/lib", __FILE__)
+$LOAD_PATH.unshift(libdir)
+
+# force loading all files to report proper code coverage
+# Dir.chdir(libdir) { Dir["**/*.rb"].each { |f| require f } }
+
+TESTS_PATH = Pathname.new(File.dirname(__FILE__))
+FIXTURES_PATH = TESTS_PATH.join("fixtures")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-users-3.1.46/test/users_finish_test.rb
new/yast2-users-3.1.47/test/users_finish_test.rb
--- old/yast2-users-3.1.46/test/users_finish_test.rb 1970-01-01
01:00:00.000000000 +0100
+++ new/yast2-users-3.1.47/test/users_finish_test.rb 2016-04-12
14:01:29.000000000 +0200
@@ -0,0 +1,103 @@
+#!/usr/bin/env rspec
+
+require_relative "spec_helper"
+require "fileutils"
+require "yaml"
+require "users/clients/users_finish"
+
+describe Yast::UsersFinishClient do
+ Yast.import "WFM"
+ Yast.import "UsersPasswd"
+
+ describe "#run" do
+ before do
+ allow(Yast::WFM).to receive(:Args).with(no_args).and_return(args)
+ allow(Yast::WFM).to receive(:Args) { |n| n.nil? ? args : args[n] }
+ end
+
+ context "Info" do
+ let(:args) { ["Info"] }
+
+ it "returns a hash describing the client" do
+ expect(subject.run).to be_kind_of(Hash)
+ end
+ end
+
+ context "Write" do
+ let(:args) { ["Write"] }
+ let(:users) { YAML.load_file(FIXTURES_PATH.join("users.yml")) }
+
+ before { allow(Yast::Mode).to receive(:autoinst).and_return(autoinst) }
+
+ around do |example|
+ change_scr_root(FIXTURES_PATH.join("root")) { example.run }
+ FileUtils.rm_rf(FIXTURES_PATH.join("root", "var"))
+ end
+
+ context "in autoinst mode" do
+ let(:autoinst) { true }
+
+ before do
+ # Writing users involves executing commands (cp, chmod, etc.) and
those
+ # calls can't be mocked (Perl code).
+ allow(Yast::Users).to receive(:Write).and_return("")
+ Yast::Users.Import(users)
+ end
+
+ it "add users specified in the profile" do
+ subject.run
+
+ yast_user = Yast::Users.GetUsers("uid", "local").fetch("yast")
+ expect(yast_user).to_not be_nil
+ end
+
+ it "updates root account" do
+ subject.run
+
+ root_user = Yast::Users.GetUsers("uid", "system").fetch("root")
+ expect(root_user["userPassword"]).to_not be_empty
+ end
+
+ it "preserves system accounts passwords" do
+ subject.run
+
+ shadow = Yast::UsersPasswd.GetShadow("system")
+ passwords = shadow.values.map { |u| u["userPassword"] }
+ expect(passwords).to all(satisfy { |v| !v.empty? })
+ end
+ end
+
+ context "not in autoinst mode" do
+ let(:autoinst) { false }
+
+ before do
+ allow(subject).to receive(:setup_all_users).and_return(user_added)
+ end
+
+ context "when a new user is added" do
+ let(:user_added) { true }
+
+ it "write root password and users" do
+ # write root password
+ expect(Yast::UsersSimple).to receive(:Write)
+ # write users
+ expect(Yast::Users).to receive(:Write)
+ subject.run
+ end
+ end
+
+ context "when no new user is added" do
+ let(:user_added) { false }
+
+ it "write root password" do
+ # write root password
+ expect(Yast::UsersSimple).to receive(:Write)
+ # do not write users
+ expect(Yast::Users).to_not receive(:Write)
+ subject.run
+ end
+ end
+ end
+ end
+ end
+end
